Oracle Cloud Infrastructure DevOps is a service I have written about on several occasions. The OCI DevOps service provides an Artifact Repository, Git Code repositories, Build Pipelines and Deployment Pipelines that know how to interact with the runtime environments OKE, Oracle Functions and Compute VM. The news flash is that as of earlier this month (February 2023) deployment pipelines can contain shell stages.. These allow us to include custom commands in a deployment pipeline – commands that are executed on an ephemeral container instance managed by Oracle in the selected compartment and subnet in your tenancy.
Using a shell stage, actions in the deployment pipeline are no longer limited to OKE, Function and Compute Instance as target. We can also automate deployments to OCI platforms such as service mesh and container instances or to databases (execute DDL on Oracle Database). We can also include provisioning of OCI resources in the Deployment Pipeline, for example through OCI CLI or (better even) with Terraform.
The execution container is a Linux machine with tools such as Java (8), Python (2 and 3), Helm (3), Git, OCI Fn CLI, Terraform and OCI CLI. (it does not provide Ansible as I would have had expected, nor does it have kubectl or Docker/Podman or tools for accessing a database like SQLcl; ). OCI CLI is pre-authenticated to use the pipeline resource principal to access OCI resources. At this point, we cannot use our own container definition for the runtime for Shell Stage, but we can define the shape (OCPU count and memory size). Note that you’re charged for the container instance (based on the selected compute shape) during the deployment based on the pricing model for container instances (a few cents per hour – or basically nothing considering the expected duration of these shell stages).
Configuration of the network setup as well as the policies is important to allow the runner to access the resources it needs to work on. For a Shell Stage, we have to select a Virtual Cloud Network (VCN) and regional subnet (public or private subnet). When the command is run, a virtual network interface card (VNIC) is created in the selected subnet. Ensure that the subnet has a network path to the OCI Container Registry. If any command needs to manage other OCI resources, then this must also be handled to ensure that both the network path and policy are set up correctly.
The shell stage is defined in a command specification ( see an example here). This is a yaml file (very similar to the corresponding sections of the Deployment Configuration File) that defines the input – the artifacts that should be put in the shell execution container – and environment variables to be derived from Vault Secrets and from Pipeline Parameters. The artifacts are container images from the Container Image Registry, artifacts from the Artifact Registry or assets downloaded from a publicly accessible URL. When the deployment pipeline is executed, you can see the execution of the Shell Stage steps defined in the command spec in the pipeline output and logs.
Resources
OCI Docs: OCI DevOps Deployment – Shell Stages – https://docs.oracle.com/en-us/iaas/Content/devops/using/shell_stage.htm
OCI Docs: Definition of Shell Container Image Runtime Details.
